Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Secure Access Control Server XML External Entity Injection Vulnerability
Vulnerability Description
A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file.
CVSS Information
N/A
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Vulnerability Title
Cisco Secure Access Control Server 安全漏洞
Vulnerability Description
Cisco Secure Access Control Server(ACS)是美国思科(Cisco)公司的一款安全访问控制服务器。该服务器为思科智能信息网络提供基于身份的全面的访问控制解决方案。 Cisco Secure ACS 5.8 patch 10之前版本中基于Web的UI存在XML外部实体注入漏洞,该漏洞源于在解析XML文件时,程序没有正确地处理XML外部实体。远程攻击者可通过诱使管理员导入特制的XML文件利用该漏洞获取受影响系统中信息的读取权限。
CVSS Information
N/A
Vulnerability Type
N/A